-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the mailing date of this communication.
- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) ☒ Responsive to communication(s) filed on 28 November 2007.
2a) ☒ This action is FINAL. 2b) □ This action is non-final.
3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) ☒ Claim(s) 1-49 is/are pending in the application.
4a) Of the above claim(s) is/are withdrawn from consideration.
5) □ Claim(s) is/are allowed.
6) ☒ Claim(s) 1-49 is/are rejected.
7) □ Claim(s) is/are objected to.
8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) □ The specification is objected to by the Examiner.
10) ☒ The drawing(s) filed on 09 December 2003 is/are: a) ☒ accepted or b) □ objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)n All b)n Some * c)^ None of: 

1. □ Certified copies of the priority documents have been received.
2. □ Certified copies of the priority documents have been received in Application No. .
3. □ Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) □ Notice of References Cited (PTO-892)
2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) □ Information Disclosure Statement(s) (PTO/SB/08) Paper No(s)/Mail Date .
4) □ Interview Summary (PTO-413) Paper No(s)/Mail Date.
5) □ Notice of Informal Patent Application
6) □ Other .
DETAILED ACTION



1. Claims 1-49 are pending 



Response to Arguments 



Regarding the Applicant's arguments based on the amendment to include "a
single security data repository that resides in the second server and provides to the
second server user security information associated with both the first server and the
second server," the Examiner believes that Fisher anticipates this limitation. Fisher
teaches a single security data repository that resides in the second server and provides
to the second server user security information associated with both the first server and
the second server ("the CAP server will perform authentication by accessing the database of
the appropriate authentication backend for the given application... it obtains the user or user
group information it requires to perform authentication function from an external user or user
group database contained in an authentication backend" Paragraph [0023]). The Examiner
interprets the data repository as the database. The Examiner interprets the user security
information as the authentication or credential information.

Applicant's arguments regarding including the limitation "wherein the first server
holds information of group and access control lists" with respect to claims 1-49 have
been considered but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-49 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which
applicant regards as the invention. Claims 1, 13, 26, 38 claim the limitation "information
of group and access control list." It is unclear whether the Applicant intends to claim
"information of group" (group information) and access control list, or information of
group control list and access control list. Claims 2-12, 14-25, 27-37, 38-49 depend on
the above claims and are rejected for the same rationale.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

2. Claims 1-2, 7-15, 20-27, 32-39, 44-49 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Fisher (20030033535). 

Regarding Claims 1, 13-14, 26, 38 

Fisher teaches a system for single security administration comprising: 

a first server that includes an authentication server; ("Fig. 2 shows a block diagram
illustrating the architecture 200 of an exemplary, common authentication protocol or proxy
(CAP) server 40 according to one embodiment of the invention" Paragraph [0019]). The
Examiner interprets the CAP server as the first authentication server.

a second server that includes an embedded LDAP server; ("The architecture of the
CAP server includes... an authentication interface which communicates with directory service
backends including... LDAP" Paragraph [0019]) The Examiner interprets the authentication
backend as the second server.

a single security data repository that resides in the second server and provides to
the second server user security information associated with both the first server and
the second server ("the CAP server will perform authentication by accessing the database of
the appropriate authentication backend for the given application... it obtains the user or user
group information it requires to perform authentication function from an external user or user
group database contained in an authentication backend" Paragraph [0023]). The Examiner
interprets the data repository as the database. The Examiner interprets the user security
information as the authentication or credential information.

a default security plugin at said first server that receives authentication requests
from clients and forwards them to said first authentication server; ("A user 30 wishes to
begin an application 20 on the data processing system... The application 20 will send a request
for authentication credentials 300 to the CAP server 40 (step 420)" Paragraph [0021]) The
Examiner interprets the application as the default security plugin that receives authentication
requests from clients and forwards them to an authentication server. ("Secure Channel from the
Client... Security is provided by encapsulation at the transport layer so that alternate security
methods may be used or 'plugged in.'" Paragraph [0123])

Application/Control Number: 10/731,371
Art Unit: 2139

wherein, in response to receiving a request for authentication from a client, the
system initiates a session between said first server and said second server, passes
query information from said LDAP authentication server to said embedded LDAP
server, receives corresponding user information, ("The CAP server will perform
authentication by accessing the database of the appropriate authentication backend 110 for the
given application," Paragraph [0023])

and creates a token that reflects an authentication result that can be used by said
client. ("If the credentials are authentic, then the CAP server will return an authentication token
to the application," Paragraph [0024])

Fisher does not explicitly teach that the first authentication server is an LDAP 
Enterprise server, the second server is an Application server or opening an LDAP 
session between the first and second server. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to make the first authentication server an LDAP server. 

One of ordinary skill in the art would be able to use a LDAP server as the first 
server because LDAP servers are common in the art. Fisher already teaches the first 
authentication server communicating with the LDAP authentication backend (second 
server), therefore if the first authentication server is an LDAP server then it is inherent 
the communication between the first server and the LDAP authentication backend 
would be an LDAP session. Enterprise and Application servers are well known in the 
art and one of ordinary skill would have been able to modify Fisher to include them. 

Although Fisher does teach the first server holding user and user group
information ("If the authentication token is valid, the CAP server will pass the corresponding
user ID (or group ID) or other user credentials to the subsequent application." Paragraph
[0026]), Fisher does not explicitly teach wherein the first server holds information of an
access control list.

Because authentication is distinct from authorization ("Authentication is distinct from
authorization, which is the process of giving a user access to a data processing system object
based on their identity" Paragraph [0022]) and access control lists are well known, it would have
been obvious to one of ordinary skill in the art at the time of the invention to modify
Fisher to include the first server holding group information and access control lists.

Access control lists on servers are well known in the art and one of ordinary skill 
in the art would have been able to modify Fisher to include access control lists on the 
first server with predictable results. The motivation to include access control lists on the 
first server is to provide a way to authorize users. 

The cited art teaches the method that the system performs. 

Regarding Claims 2, 15, 27, 39

Fisher teaches the system of claim 1 wherein the system checks a user profile
database or user profile configuration information to determine where the user security
information is stored. ("In general, the CAP server... obtains the user or user group
information it requires to perform its authentication function from an external user or user group
database contained in the authentication backend" Paragraph [0023])

Regarding Claim 7, 20, 32, 44

Fisher teaches the system of claim 1 wherein said query information is query
user information that specifies a particular user or group of users. ("In general, the CAP
server... obtains the user or user group information it requires to perform its authentication
function from an external user or user group database contained in the authentication backend"
Paragraph [0023]) (LDAP User Filter, LDAP Group Filter, Paragraph [0095-6])

Regarding Claim 8, 21, 33, 45 

Fisher teaches the system of claim 1 wherein the system includes a plurality of servers 
("The invention seeks to provide a method and system for user authentication in a data 
processing system wherein users only have to logon once, while being able to access multiple 
applications and servers" Paragraph [0006]) 

Regarding Claim 9, 22, 34, 46 

Fisher teaches the system of claim 8 wherein at least one of said plurality of 
servers include an LDAP authentication server. ("LDAP Server Host" Paragraph [00941]) 

Fisher does not explicitly teach where at least two servers include an LDAP 
authentication server. 

It would have been obvious to one of ordinary skill in the art at the time of the
invention to include two LDAP authentication servers. 

The motivation is that Fisher already teaches using multiple servers, including 
one LDAP server. One of ordinary skill in the art would have been able to add another 
LDAP server without altering the functionality of the system. 

Regarding Claim 10, 23, 35, 47 

Fisher teaches the system of claim 1, further comprising a user information
cache that caches a copy of said user information, ("the authentication token is generally
stored in cache memory within the data processing system and is passed to each application
that the user needs to access without the need to request new credentials each time"
Paragraph [0030]) The Examiner interprets the authentication token as comprising user
credentials.

Regarding Claim 11, 24, 36, 48 

Fisher teaches the system of claim 1. The Examiner asserts that any system
which has multiple servers and is compatible with LDAP (including the system of
Fisher) is scalable to include multiple LDAP authentication servers and/or multiple
embedded LDAP servers.

Regarding Claim 12, 25, 37, 49

Fisher teaches the system of claim 1 wherein at least one of said servers include a
console program for administering the security of the system. ("The CAP server includes
an administration system that provides a system administrator with the ability to change or
configure the CAP server's properties. Configuration may be HTML based. The HTML page
may be generated by a servlet. The administration screens may be accessible from a browser,
and editor, or an enterprise information portal." Paragraph [0084]) The Examiner asserts that
an administration system as described inherently requires a computer program.

3. Claims 3-5, 16-18, 28-30, 40-42 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Fisher in view of TheServerSide.com article "BEA announces Bea
Tuxedo 8.0 and Bea Weblogic Enterprise 6.0" on June 12, 2001. 



Regarding Claims 3-5, 16-18, 28-30, 40-42 

Fisher teaches the system of claim 1. Fisher does not explicitly teach wherein
said first server is a WebLogic server, and said second server is a Tuxedo server. 

TheServerSide.com shows an article that teaches the Weblogic and Tuxedo 
servers are well known servers in the art. 

It would have been obvious to one of ordinary skill in the art at the time of the
invention to use a Weblogic server as the first server and a Tuxedo server as the 
second server. 

The motivation is that WebLogic and Tuxedo servers are well known in the art, 
and one of ordinary skill would have been able to use these servers in the system of 
Fisher. 

4. Claims 6, 19, 31 and 43 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Fisher in view of Zois.co.uk's Technical note "Using Tuxedo 
Asynchronously with Global Transaction" published 4/23/2001. 

Regarding Claim 6, 19, 31, 43

Fisher teaches the system of claim 1, but Fisher does not explicitly teach
wherein said client is a Tuxedo client and said request is a tpinit call.

Zois.co.uk teaches that Tuxedo clients and tpinit calls are common in the art. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to use Tuxedo clients as a client and tpinit calls for the request. 

The motivation is that Tuxedo clients and tpinit calls for requests were common 
at the time of the invention and one of ordinary skill in the art could use these well 
known items in the system of Fisher with predictable results. 

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harris C. Wang whose telephone number is 
5712701462. The examiner can normally be reached on M-F 9-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, KRISTINE KINCAID can be reached on (571) 272-4063. The fax phone 
number for the organization where this application or proceeding is assigned is
571-273-8300.




Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



